| From: | Adam Brightwell <adam(dot)brightwell(at)crunchydatasolutions(dot)com> |
|---|---|
| To: | Joe Conway <mail(at)joeconway(dot)com> |
| Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com>, Stephen Frost <sfrost(at)snowman(dot)net>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: row_security GUC, BYPASSRLS |
| Date: | 2015-09-15 19:37:25 |
| Message-ID: | CAKRt6CT-_GM4HUccOH0PyWfJxkedF9pi74j980h7VXyGA54hLA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> I could also see a potential gap in such approach. Specifically, I
> could see a case were there are two separate roles, one that is
> entrusted with defining the policies but not able to create/modify
> tables, and one with the opposite capability (I understand this to be
> a fairly common use-case, at least at a system level). Since you
> can't GRANT 'alter' rights to the table, then obviously the policy
> definer would have to either be the owner of the table or a member of
> the role that owns it, right? Given that, if by definition the policy
> definer is not allowed to do anything other than define policies, then
> obviously putting such a role in the table owners group would allow it
> to do much more, correct?
Actually, disregard, I forgot about "You must be the owner of a table
to create or change policies for it." So that would obviously negate
my concern.
-Adam
--
Adam Brightwell - adam(dot)brightwell(at)crunchydatasolutions(dot)com
Database Engineer - www.crunchydatasolutions.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2015-09-15 19:42:39 | Re: Additional LWLOCK_STATS statistics |
| Previous Message | Jeff Janes | 2015-09-15 19:30:40 | Re: pgbench progress with timestamp |